Introduction to smart access control systems
Access control is a security process that monitors and limits who/what can view or use resources in a computing environment. The fundamental idea is to minimize risk to the business or organization. There are two kinds of access control: physical and logical. The first one limits access to buildings, rooms, and physical IT assets. The second kind limits connections to computer networks, system files, and data.
Access control systems identify, authenticate, and authorize users and entities by checking required login credentials.
This article is an introduction to smart access control systems. It describes physical and logical security systems and gives an overview of the process from the user-facing and admin-facing experience as well as the infrastructure. It also provides an overview of the elements used in electronic access control systems. It covers details about different kinds of locks, such as mag locks, electronic strikes, and electronic exit pushbars. The advantages of credential-reading devices, such as keypads, key cards, card readers, and biometric readers, are also covered, along with transmission technologies such as Bluetooth, Wi-Fi, and Z-Wave. This article also explains the differences between cloud-based, smartphone-based, and IoT-based access control systems.
Companies use different access control models depending on compliance requirements and the level of security needed for information technology. Different IT systems require different levels of security. A commercial-grade access control system classifies who gets into the facility and who doesn’t. A second level controls who has access to specific IT areas, down to each file cabinet or drawer containing sensitive information. Sophisticated systems can differentiate access by user, track activity, and provide security logs for administrators. Some systems communicate and coordinate with other security measures for a streamlined and integrated approach to protecting the company, its employees, its assets, and its data.
Today’s access control includes workstations, rooms, file cabinets, desk drawers, as well as printers and computers. A typical system has two major components. The first is access control of the physical location, such as a door, and typically contains the lock, the (card) reader, and a control panel to authenticate credentials. The second component involves access control hardware and software and a system that verifies the presence of authorized personnel. The automated nature of the system provides non-stop access control and protection.
Today, companies not only want to simply restrict entry, but they also need to monitor and manage access, which requires an access management system that controls who, where, and when access is granted.
Computer-based access control systems connect physical security with information security. By using such credentials as key cards, FOBs, or biometrics, the system provides quick and easy access to authorized personnel, and it can also monitor and track movement. After the system verifies credentials, it provides access by unlocking doors and recording the event. When credentials fail or entry is forced, the system records the failure and can activate back-up security measures, such as video cameras, alarms, or electronic notifications.
The process consists of the user-facing experience, the admin-facing experience, and the infrastructure.
The User-Facing Experience includes an access card or other forms of security credentials, the (card) reader, and the control panel. After the user presents access credentials, the system approves or rejects the request for entry. Access credentials can include an ID badge, keypad, biometric, swipe/tap/proximity card, or a smartphone app. The benefit of using credentials is that they are personalized, so any unlock event can be traced to the person associated with it. The card reader is mounted on the wall next to the door. It reads the data on the credential and sends a request to the server to unlock the door. Access management control systems record the activity once the user activates the reader by presenting credentials.
The Administration-Facing Experience usually includes a management dashboard or a management portal where the administrator or authorized personnel gain access to the system. From there, they can add or remove user credentials as they change, or set the entry parameters for the secure area. To monitor and control access from anywhere and at any time, the dashboard often uses cloud storage. Most of the administrative side of access control involves automated processes run through software, and the system requires manual editing of access details.
The infrastructure of the system includes the locking device, the access control panel, cables, and the server.
Technologically advanced locks have become a more secure, flexible, and affordable way to protect everything from buildings to individual drawers and doors in an office or home. Electronic locks are used to unlock the door on which they are installed. They usually have a wire that powers them. Some of them can be fail-safe or fail-secure.
In the event of a power loss, the fail-secure lock keeps the door locked until someone overrides the lock, while a fail-safe lock keeps the door open (and unsecured) until the power comes back online. The choice of which to use depends on the area being secured. Entry doors call for fail-safe locks, since they need to comply with building codes and fire regulations that call for people to be able to exit at any time, even in the event of a power outage. IT rooms should be wired for fail-secure because they always need to remain locked, even in the case of emergencies. Fail-secure doors also need to be equipped with electrified push bars to allow people to exit quickly in case of a fire.
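The placement rules above can be checked mechanically against a door inventory. The following is an added example, not code from any access control product; the zone labels, field names, and sample doors are assumptions constructed for illustration.

```python
from dataclasses import dataclass

FAIL_SAFE = "fail-safe"      # releases (unlocks) when power is lost
FAIL_SECURE = "fail-secure"  # stays locked when power is lost


@dataclass(frozen=True)
class Door:
    name: str
    zone: str                  # "entry" or "it_room" (labels assumed for this example)
    fail_mode: str
    electrified_push_bar: bool = False


def locked_during_outage(door):
    """Lock state while power is off, as the two modes are defined above."""
    return door.fail_mode == FAIL_SECURE


def audit_door(door):
    """Return the findings for one door; an empty list means it follows the rules."""
    if door.fail_mode not in (FAIL_SAFE, FAIL_SECURE):
        return [f"{door.name}: unknown fail mode {door.fail_mode!r}"]
    findings = []
    if door.zone == "entry" and locked_during_outage(door):
        findings.append(f"{door.name}: entry door stays locked in an outage; use fail-safe")
    if door.zone == "it_room" and not locked_during_outage(door):
        findings.append(f"{door.name}: IT room unlocks in an outage; use fail-secure")
    if locked_during_outage(door) and not door.electrified_push_bar:
        findings.append(f"{door.name}: fail-secure door has no electrified push bar for egress")
    return findings


def audit_inventory(doors):
    """Map each non-compliant door name to its list of findings."""
    report = {}
    for door in doors:
        findings = audit_door(door)
        if findings:
            report[door.name] = findings
    return report


# Constructed sample inventory (not from a real site).
SAMPLE_DOORS = [
    Door("front-entrance", "entry", FAIL_SAFE),
    Door("side-entrance", "entry", FAIL_SECURE, electrified_push_bar=True),
    Door("server-room", "it_room", FAIL_SECURE, electrified_push_bar=True),
    Door("network-closet", "it_room", FAIL_SAFE),
    Door("backup-room", "it_room", FAIL_SECURE),
]

if __name__ == "__main__":
    for findings in audit_inventory(SAMPLE_DOORS).values():
        for finding in findings:
            print(finding)
```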
An access control panel, also known as an intelligent controller, is not visible to most people in a facility because it's installed in the IT room or in an electrical, telephone, or communications closet. The reason for this precaution is that all the locks are wired to it. When a valid credential is presented at the door reader, the panel receives its request to unlock a specific relay, which is connected to the specific door wire.
Cables are a critical part of access control and can prove to be very expensive if installed improperly. Consequently, they should never be overlooked when planning an access control system. When designing the space, it's important that all the cables are specified so that the general contractor knows what to do. If the cables are not planned for, they will need to be added later, and this means someone will need to drill into, or lay cables on top of, all the newly-painted walls.
Every access control system needs a server where the permissions are stored in an access database. Here is where the presented credential is matched to the credentials that are authorized for that door, which determines whether the door should unlock or not. The server can be a dedicated local Windows or Linux computer, a cloud server, or even a decentralized server when the permissions are stored in the door reader. The most advanced servers track activity in all secure zones and record the date and time of entrance and exit of every individual. Standalone units typically store credentials at the reader rather than on a centralized control panel. Administrators can access the database at the reader or through an app.
Overview of the components of electronic access control systems
The typical access control system controls access to a physical location, such as a door; it verifies the presence of authorized personnel. It usually contains several elements: a lock, a reader, a control panel to authenticate the credentials, along with access control hardware and software.
Business-grade locks are built for frequent use, are often wired electronically, are more attack-resistant, and are pricey. The locks come in fail-safe or fail-secure configurations, depending on whether the door should remain open during a power loss or not. Unlike fail-safe locks, fail-secure locks remain locked in case of power outage. This is why fail-secure locks should not be applied everywhere, such as in emergency-exit doors.
A basic type of electronic lock is a magnetic lock, which is also called a mag lock. This type involves a large electromagnet that is mounted on the door frame, while a corresponding armature is mounted on the door. Mag locks are simple to install and are very attack resistant. Mag locks are designed only in fail-safe configuration; when electrical power is off, they unlock. This could be a problem where security is a primary concern. Mag locks are frequently applied to the glass doors used in modern offices. Since most mag locks would not meet current fire security standards, many commercial doors are switching to stand-alone locks or electric locks.
Electronic strikes, also called electric latch releases, are electromechanical devices used as an integral part of any access control system. They are installed in the doorframes to avoid unnecessary wiring in the door leaf. Their main function is to open a door through a single electrical pulse. Electric strikes are generally available in three configurations: fail-secure, fail-safe, and hold-open.
In a fail-secure configuration, the strike remains locked in a power failure. However, a mechanical lock can still be used to open the door from the inside to grant egress from the secure side. A fail-safe configuration allows the door to be opened in a power outage. Fail-safe units are always operated with direct current. The third configuration, hold-open, applies an electric current to the strike causing it to unlock and remain unlocked until it is used. As soon as the strike has been used, it goes back to standard locked position. It’s used when the powering of the strike and the opening of the strike do not need to be exactly synchronized.
Electronic exit bars, also known as electrified pushbars, not only provide safe and effective escape through a doorway, but they also satisfy the need to secure property and contents. They are available in several versions to meet different applications and needs. Electrified pushbars can be applied for emergency-exit doors in public buildings, which are locked electrically, such as in hospitals, museums, schools, supermarkets, and retail stores. These pushbars can be applied in emergency doors in banks, administration buildings, and industrial sites.
Advanced Credential Readers and Control Panels
Users carry their credentials on access cards, key cards, ID badges, biometrics, or on smartphone apps. The user presents credentials at an access control point, which could be an exterior or interior door, gate, elevator, cabinet doors, drawers, or any other barriers to entry. The systems will require either single- or multiple-factor verification.
To connect the device that holds credentials with the reader, the contactless cards use near-field communication technologies such as radio frequency identification (RFID), QR codes, Wi-Fi, or Bluetooth.
A reader can be a keypad that requires a code for entry, a card reader that uses a FOB, a key card, a smart device, or a biometric reader that verifies the credentials through the individual’s biometrics.
The reader communicates with a control panel, which verifies the credentials presented with an approved access list. The approval process involves communication between the reader and a host, server, or control panel. There are basic readers, semi-intelligent readers, and intelligent readers. Each offers different levels of functionality.
The difference between semi-intelligent readers and intelligent readers is that semi-intelligent readers are available only to stand-alone devices. They include a lock, and they need contact to control the door hardware; they do not make an access decision. The credentials are presented to the reader, the reader communicates with the main controller, and the door is unlocked if the credentials match the approved access list. The list can be modified by the admin remotely (if the system provides this option). Semi-intelligent readers can connect to multiple locks using the same reader.
On the other hand, intelligent readers have inputs and outputs necessary to control the door hardware, and they have memory and processing power to make an access decision independently. Intelligent readers can work independently or in conjunction with other security measures. They offer remote control of entry, they are able to track entries and exits, and they operate multiple locks and points of entry from the same control panel.
Access control management systems can combine technologies that provide increased reliability and convenience, such as keypads, key FOBs, or remote access locks.
Keypads and touchscreens are basic locking systems. Operating with a basic reader, the user enters a preprogrammed code; if the code matches, the system releases the lock. Keypads accept multiple codes and temporary codes, and the touchscreens approve passwords, PINs, or biometrics.
Biometric readers can use fingerprint, palm scan, retina scan, or voice activation. These readers approve multiple users, and they also allow temporary use. The key benefit is avoiding credential fraud. The downsides are their high cost, the need for the user to be physically present, and frequent system failure.
Smart Locks or Remote Access allow the user to control the lock without requiring physical presence at the location. The locks operate via software transmitted through Bluetooth, Wi-Fi, or Z-Wave technologies. Remote Access allows doors to lock or unlock remotely. The system shows its current status, and it can send an alarm when the door is locked, unlocked, or open, and users can enter their credentials using smartphone, computer, or tablet.
Key cards, key FOBs, and RFID readers use radio transmission to communicate with the controller. The reader can accept a swipe, tap, chip, or a contactless card.
Near-field communication (NFC) technology is a newer kind of RFID. NFC tags are most often activated by smartphones. A smart card can also be used to send information to NFC-enabled devices, such as tablets, mobile phones, and laptops, or allow them to access cloud-based networks and system resources over the internet. These novel NFC systems manage access through apps installed on smartphones, which act as the key or an information tag for an NFC-equipped reader. When the mobile device is swiped or tapped over an NFC reader, a communication channel is established, and data transactions take place to authenticate the authority of the user to access the secured area. This communication is not limited to authentication; it can also record the access information, the exact time, the period of access, and many other office safety metrics.
Transmission technologies include Bluetooth, Wi-Fi, and Z-Wave.
Bluetooth is a cost-friendly option. The lock connects directly to a mobile phone or FOB device with a Bluetooth receiver. Proximity readers allow authorized personnel to verify credentials and unlock the door without making physical contact. Bluetooth technology can integrate with a smartphone, FOB key card, or other smart device connected with the access control reader. The downside is that to operate successfully, the smartphone or FOB key card must be near the reader.
Wi-Fi technology has significantly expanded the use of remote locking systems. Wi-Fi connection lets admins and users control devices from anywhere. Through this connection, the reader communicates with the access control panel. The Wi-Fi-connected lock then records usage and, based on activity, sends alerts.
Z-Wave technology requires all devices to be connected with a communication hub. To accept credentials, the receiver must be within 30 meters of the reader. Extended reader devices can lengthen the range up to 150 meters. Due to its limitations, Z-Wave technology is mostly applied in residential settings.
Electronic Access Control Panels can be compared to a small computer that decides who will enter the secured area. Advanced electronic access systems simulate a control panel from a desktop or a mobile phone app. They contain programmable processors which can assign specific roles, as well as time and date windows, to persons authorized to exercise certain roles, such as visiting colleagues or freelance professionals working in a shared office space.
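The decision a panel or server makes, matching a presented credential to the doors its role is authorized for, checking the time and date window, and recording the event either way, can be sketched as follows. This is an added example, not code from any vendor's controller; the role names, door names, credential IDs, and schedules are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass(frozen=True)
class Window:
    days: frozenset   # weekday numbers, Monday = 0
    start: time
    end: time

    def contains(self, when):
        return when.weekday() in self.days and self.start <= when.time() <= self.end


@dataclass
class AccessServer:
    role_rules: dict    # role -> {door name -> Window}
    credentials: dict   # credential id -> role
    log: list = field(default_factory=list)

    def decide(self, credential_id, door, when):
        """Return True to unlock; every request is logged with its reason."""
        role = self.credentials.get(credential_id)
        if role is None:
            reason = "unknown credential"
        else:
            window = self.role_rules.get(role, {}).get(door)
            if window is None:
                reason = "role not authorized for door"
            elif not window.contains(when):
                reason = "outside time window"
            else:
                reason = "ok"
        granted = reason == "ok"
        # Denials are recorded as well as grants, so failed attempts stay traceable.
        self.log.append((when.isoformat(), credential_id, door, granted, reason))
        return granted

    def revoke(self, credential_id):
        """Remove a credential, e.g. when a freelancer's contract ends."""
        self.credentials.pop(credential_id, None)


def build_sample_server():
    """Constructed sample policy: roles, doors and card IDs are illustrative."""
    weekdays, all_week = frozenset(range(5)), frozenset(range(7))
    return AccessServer(
        role_rules={
            "employee": {"lobby": Window(weekdays, time(7, 0), time(19, 0))},
            "freelancer": {"lobby": Window(weekdays, time(9, 0), time(17, 0))},
            "it_admin": {
                "lobby": Window(all_week, time.min, time.max),
                "server_room": Window(all_week, time.min, time.max),
            },
        },
        credentials={"card-1001": "employee", "card-2002": "freelancer",
                     "card-3003": "it_admin"},
    )


if __name__ == "__main__":
    server = build_sample_server()
    server.decide("card-2002", "lobby", datetime(2024, 3, 4, 10, 0))        # Monday
    server.decide("card-2002", "server_room", datetime(2024, 3, 4, 10, 5))
    for entry in server.log:
        print(entry)
```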
Methods of System Communication with Other Security Devices
Access control systems use a few common methods to communicate with other security devices. These systems connect the reader and server using cloud-based, smartphone-based, or IoT-based access control systems.
Cloud-based access control system
Some companies run their access control system on a physical computer in their buildings. However, the cloud-based access control system manages and controls the company’s doors through the internet.
These systems store data, credentials, logs, and other information at a remote site on a remote server through a third party, using cloud-based software. This allows centralized management, real-time updates, cloud wiring, diagnostics, and much more. The main benefit of using cloud-based communication is that it allows you to access the account at any time and from anywhere; you only need a secure internet connection.
This system allows you to remotely verify system operation, to add new users to access control groups, to change users’ access rights, to reprogram access points, to export access logs for admins, to lock down for emergencies, and to monitor live-stream videos from any device.
Companies can also coordinate systems from multiple locations or offices. The cloud-based system provides flexibility and security of managing different offices from one place. The company is able to skip the high costs associated with purchasing servers and the wiring that connects all the components of access control, and it doesn’t need a specialist on-site to react to issues. There are also no limits to the number of doors/users that can be added to the system. In addition, the access control system can be fully integrated with other building management systems, without needing any physical interface for communication.
Smartphone-based access control system
A smartphone-based access control system connects users through a smartphone app. After users download the access control app to their smartphones, they sign in with their user account. As soon as their authorized keys appear, they select which door to open. The admin can remotely access the system, make changes, and view stored data. Using Bluetooth or Near Field Communication (NFC) readers, users can hold their phones next to the reader and enter the secured area when approved.
IoT-based access control system
In an IoT (Internet of Things)-based system, every individual device on the IP network is assigned a unique IP to communicate with each other. An IoT-based access control system, also known as an intelligent door locking system, allows every lock, lock access controller, card reader, and other associated device (with a separate assigned IP address) to communicate with each other intelligently. In short, every device is connected with sensors that trigger the control system to issue instructions to a specific machine to perform some action automatically.
Each device is configured for its operating conditions, criteria, sensitivity, and authority in core management control software, which is used as a controller of the entire system. Using a mobile app on a mobile device, it is possible to control and monitor the status of the access system. Any malicious activity in the access system will generate an alert and a detailed notification that appears on the mobile app or the main management software controller.
The Internet of Things is used by thousands of types of products, and almost all parts of the IoT security system are commonly used in modern buildings. In access control, intelligent locks, card readers, keypads, and other related devices all use this technology. Every authorized mobile device also uses its unique IP address in the network to gain access to the main controller, which allows it to use the intelligent locking system. The main server also has a unique IP address to establish IoT communication among the components of the entire IoT access control ecosystem.
An IoT-based security system is fully integrated, accessible, and intelligent. It tracks and saves records, can be managed automatically or manually, and can be configured for different levels of authority. It seems ideal, but it still has some drawbacks, since it is costly, complex, and vulnerable to hacks.